How to: Port Security in Cisco switches

Cisco Port Security is an important feature for most of my customers. Software development companies and BPOs in particular are the customer types that constantly ask for this feature so they can restrict which devices connect to their network.

Cisco Port Security limits the devices that can connect to the wired network through the switch. The feature checks the MAC address of the device that has just connected to a switch port and verifies whether that device is allowed on the wired network or not. The wireless equivalent of this feature is MAC address authentication. The number of secure addresses a port can accept is bounded by the switch's maximum MAC address limit.

When there is a violation, the switch responds according to its configuration. The configuration gives you three options: 1. Protect, 2. Restrict and 3. Shutdown. The 2nd and 3rd options also notify administrators via SNMP traps. For those who don't want to visit each and every workstation to collect MAC addresses, there is an option called "sticky". After the switch has finished learning the MAC addresses you can disable sticky and leave the addresses in dynamic allocation. However, if you want a stricter restriction, go for manual static entries. If you also want to remove the dynamically learned addresses, disable Port Security completely on the port and re-enable it. Port Security supports aging as well: use the "absolute" option to retain an address until the specified time limit expires, and the "inactivity" option to retain a MAC address for the specified time after it was last seen.
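As an added example that is not part of the original post, the following Cisco IOS configuration puts the options described above side by side: one port with sticky learning and the restrict action, one with a static entry and the shutdown action, and one with dynamic learning plus inactivity aging and the protect action. The interface names, VLAN number and MAC address are assumptions chosen for illustration, not values from the post.

```cisco
! Added example (not from the original post). Interface names, VLAN 10
! and the MAC address 0011.2233.4455 are constructed placeholders.
!
! Send SNMP traps for violations (needed for restrict/shutdown notifications)
snmp-server enable traps port-security
!
! Port 1: sticky learning, violation = restrict (drop offending frames, count
! the violation, send a trap/syslog, port stays up)
interface GigabitEthernet1/0/5
 description Workstation - sticky learning
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 switchport port-security mac-address sticky
!
! Port 2: one static entry, violation = shutdown (port goes err-disabled)
interface GigabitEthernet1/0/6
 description Printer - fixed address
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 switchport port-security mac-address 0011.2233.4455
!
! Port 3: dynamic learning with aging, violation = protect (silent drop,
! no trap). Learned addresses are forgotten after 10 minutes without traffic.
interface GigabitEthernet1/0/7
 description Shared desk - dynamic with inactivity aging
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation protect
 switchport port-security aging time 10
 switchport port-security aging type inactivity
!
! Bring a port shut down by a violation back automatically after 300 seconds
errdisable recovery cause psecure-violation
errdisable recovery interval 300
```

Verify the result with `show port-security interface GigabitEthernet1/0/5` (status, violation mode, violation count) and `show port-security address` (the secure address table). Sticky addresses are written into the running configuration, so save with `copy running-config startup-config` once learning is complete; otherwise they are lost at reload. Dynamically learned addresses can also be dropped with `clear port-security dynamic interface GigabitEthernet1/0/7` instead of disabling and re-enabling the feature.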